sd-bus: when augmenting creds, remember which ones were augmented

Also, when we do permissions checks using creds, verify that we don't do so based on augmented creds, as extra safety check.
author: Lennart Poettering <lennart@poettering.net> 2015-04-21 00:58:08 +0200
committer: Lennart Poettering <lennart@poettering.net> 2015-04-21 00:58:56 +0200
commit: 0f51442056157cfec2efc52ddbff7392b0ff674a (patch)
tree: d806661843f62a79fea36f50657728b185146d05 /src/libsystemd/sd-bus/bus-util.c
parent: 822d9b6e4c2f0dc1ebc606006dc52257f06850c5 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/libsystemd/sd-bus/bus-util.c b/src/libsystemd/sd-bus/bus-util.c
index ed366145d9..840878931f 100644
--- a/src/libsystemd/sd-bus/bus-util.c
+++ b/src/libsystemd/sd-bus/bus-util.c
@@ -206,6 +206,9 @@ static int check_good_user(sd_bus_message *m, uid_t good_user) {
         if (r < 0)
                 return r;
 
+        /* Don't trust augmented credentials for authorization */
+        assert_return((sd_bus_creds_get_augmented_mask(creds) & SD_BUS_CREDS_EUID) == 0, -EPERM);
+
         r = sd_bus_creds_get_euid(creds, &sender_uid);
         if (r < 0)
                 return r;
author	Lennart Poettering <lennart@poettering.net>	2015-04-21 00:58:08 +0200
committer	Lennart Poettering <lennart@poettering.net>	2015-04-21 00:58:56 +0200
commit	0f51442056157cfec2efc52ddbff7392b0ff674a (patch)
tree	d806661843f62a79fea36f50657728b185146d05 /src/libsystemd/sd-bus/bus-util.c
parent	822d9b6e4c2f0dc1ebc606006dc52257f06850c5 (diff)